2022-09-28 Conda Community Meeting
Attendees
| Name | Initials | Affiliation | GH Username |
|---|---|---|---|
| Dave Clements | DPC | Anaconda | tnabtaf |
| Travis Hathaway | TH | Anaconda | travishathaway |
| Cheng H. Lee. | CHL | Anaconda/c-f. | |
| Bianca Henderson | BH | Anaconda | beeankha |
| Jaime Rodríguez-Guerra | JRG | Quansight/c-f | jaimergp |
| Daniel Ching | DJC | Argonne | carterbox |
| Filipe Fernandes | FF | CF | ocefpaf |
| Daniel Holth | DH | Anaconda | dholth |
| John Kirkham | JK | NVIDIA/cf | jakirkham |
| Sebastien Awwad | SA | Anaconda | awwad |
15 people total
Introductions
- Nope
Announcements
- Conda 22.9.0 has been released
New Agenda Items
- (KO) Calling votes on Deprecation Policy CEP
- (DPC) - conda.discourse.group will go live right after this call
- unless there are objections
- Announcement is here
- Will announce in Gitter, Twitter, Slack.
- Will also post to conda Google Group, and will suggest that we shut that down by end of 2022.
- Future conda, conda-build gitter channels
- (CHL) What should we do with
conda verifyand associated message inconda build?- No releases since 2019; not actively maintained AFAIK
- JRG: I want this back in some form if we get funding :)
- JRG, CHL: in favor of removing the message from conda-build; worry about future of conda-verify later
- (DH) CCalling votes on Incremental repodata (.jlap) CEP
- (CHL) How should we handle Python patch releases that break things?
- Context:
- CVE-2020-10735 (
str/intdenial-of-service): fixed in CPython 3.7.14, 3.8.14, 3.9.14, 3.10.7 - CVE-2015-20107 (ACE in
mailcapmodule): fixed in CPython 3.11 beta. No progress upstream (yet) on backporting fixes to 3.7 - 3.9 branches.
- CVE-2020-10735 (
- conda-forge:
- Generally ships what upstream ships
- May give downstream packages (e.g., SymPy) warning before releasing update CPython packages
- Anaconda
- Will probably either backport
mailcappatches and/or nuke the module frompythonpackages
- Will probably either backport
- Context:
- (CHL) Starting to write a grammar for match specs
- (MB) CalVer
- (JRG) CalVer makes it explicit that there are no API guarantees.
- But hurts community developers who rely on stable APIs
- conda-build, conda-smithy, mamba would be hard to upgrade if forced to have tighter pins
- (MRB) Should we start a CEP or open an issue to formally define a stable API?
- (JRG) CalVer makes it explicit that there are no API guarantees.
What is this meeting for?
Various parts of the conda community gather on a regular basis. This meeting brings together all of these sub-communities for a community wide call.